Microsoft is considering issuing a security patch to fix
a vulnerability in its PowerPoint presentation
software.
The flaw allows remote attackers to run arbitrary code on the
affected user's machine. Attacks are spread by malicious e-mails
containing a rogue PowerPoint attachment.
Microsoft said it is investigating reports of limited “zero-day”
attacks using a vulnerability in Microsoft PowerPoint 2000,
Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003,
Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X
for Mac.
A zero-day attack uses exploit code for a vulnerability that the
software supplier has not yet patched, with attacks taking place
before users can be warned.
Microsoft said, “As a best practice, users should always
exercise extreme caution when opening unsolicited attachments from
both known and unknown sources. Microsoft has added detection to
the Windows Live OneCare safety scanner for up-to-date removal of
malicious software that attempts to exploit this
vulnerability.”
Microsoft said it would consider issuing another patch ahead of
its monthly scheduled security patching date, on 10 October.
Earlier this week, the company broke from its monthly patching
cycle and issued a fix to plug a security hole in Internet
Explorer.